Russian Man Convicted of $7 Million Digital Advertising Scam

 

A Russian man was found guilty in the United States of using a bot farm and rented servers to create fraudulent internet traffic on media sites, causing businesses to pay inflated advertising rates.

Prosecutors said Aleksandr Zhukov, 41, was the brains of the Methbot operation, in which 1,900 servers were used to generate millions of bogus online ad views on websites such as the New York Times and the Wall Street Journal. According to the US, Zhukov gained $7 million from the scheme and channeled the money into offshore accounts around the world, citing a text in which he referred to himself as the "King of Fraud." 

The group allegedly called their plan "Metan," which is the Russian term for methane, while the FBI and prosecutors referred to it as Methbot, and later as Media Methane, which was the name of Zhukov's company with operations in Russia and Bulgaria. 

Zhukov and his colleagues negotiated deals with advertising networks to display their ads on websites, then received a commission for each ad that was viewed. According to prosecution filings, Zhukov and his collaborators instead established bogus sites and manipulated data centres to produce false users to make it appear like actual people were viewing the ads from September 2014 to December 2016.

"Zhukov represented to others that he ran a legitimate ad network that delivered advertisements to real human internet users accessing real internet web pages," according to a superseding indictment filed on February 12, 2020. 

"In fact, Zhukov faked both the users and the webpages: he and his co-conspirators programmed computers that they had rented from commercial data centers in the United States and elsewhere to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue," it says. 

Victims of the scheme "included The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable," the Department of Justice said in a news release. 

On a temporary US arrest order, Zhukov was arrested in Bulgaria in November 2018. In January 2019, he was extradited to the United States and pleaded not guilty to the accusations against him.

UNICC and Group-IB Shut Down 134 Scam Websites In a Major Crackdown

Cybersecurity agency Group-IB and UNICC carried out a joint operation in which they took down 134 websites run by the hacking group "DarkPath." According to the UN and Group-IB, these websites were used to impersonate the WHO. The hackers built a network of 134 malicious domains that pretended to be the WHO on "Health Awareness Day," asking people to fill in a fake survey with a promise of rewards in return. The hackers promised users €200 for completing the survey and sharing it with their WhatsApp contacts.

But the rewards were never sent, and the scam grew into a massive spam campaign that drove new traffic to malicious websites. After informing the UN's International Computing Centre, Group-IB worked with a range of service suppliers, network regulators, hosting providers, and domain registrars to quash the 134-website scam campaign. Once the websites were blocked, the hackers avoided using the WHO brand in their network campaign. But DarkPath is still active despite the WHO takedown. According to Group-IB's findings, the campaign managed to land around 200,000 users on the fake sites every day.

In addition to the multi-stage nature of the attack, which makes it harder for researchers to detect, users saw personalized content that depended on geolocation, language settings, and user agent. For instance, the reward currency for filling out the survey would vary depending on the user's location. DarkPath-controlled scam websites are still active and keep targeting millions of victims around the globe. The hackers promote their websites via paid ads, social media, and email blasts.

According to UNICC, during the infrastructure analysis, "Group-IB researchers examined the domains and other digital indicators and concluded that the whole network is likely to be maintained and controlled by a scammer collective codenamed DarkPath Scammers. Most of the domains with phishing and scam content are using CDNs (Content Delivery Networks) to hide IP addresses of the real servers. The scammers are using the same infrastructure configuration with its traits and misconfigurations across all their servers. Group-IB continues to monitor the scammers’ activity. Organizations should carry out seamless online monitoring to promptly detect any cases of illicit use of their brands."

$571 Million to be Paid over Bitcoin Scam

 

The Commodity Futures Trading Commission on 26th March 2021 announced that the U.S. District Court for the Southern District of New York entered a default judgment against Benjamin Reynolds, purportedly of Manchester, England, finding that he operated a fraudulent scheme to solicit bitcoin from members of the public and misappropriated customers' bitcoin. This case was brought in connection with the Division of Enforcement's Digital Assets Task Force.

The Commodity Futures Trading Commission (CFTC) is an independent agency of the US government, created in 1974, that regulates the U.S. derivatives markets, which include futures, swaps, and certain kinds of options. The stated mission of the CFTC is to promote the integrity, strength, and energy of the U.S. derivatives markets through sound regulation. After the financial crisis of 2007–08, and since 2010 with the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFTC has been working to bring more transparency and sound regulation to the multi-trillion dollar swaps market.

Between May 2017 and October 2017, Reynolds used a public website, various social media accounts, and email communications to solicit at least 22,190.542 bitcoin, valued at around $143 million at that point, from more than 1,000 clients around the world, including at least 169 people living in the U.S.

Among other things, Reynolds falsely represented to clients that Control-Finance traded their bitcoin deposits in virtual currency markets and used specialized virtual currency traders who generated guaranteed trading profits for all clients. He likewise built an elaborate affiliate marketing network that relied on fraudulently promising to pay outsized referral profits, rewards, and bonuses to encourage clients to refer new clients to Control-Finance. In fact, Reynolds made no trades on clients' behalf, earned no trading profits for them, and paid them no referral rewards or bonuses. While Reynolds represented that he would return all bitcoin deposits to clients of Control-Finance by late October 2017, he never did and instead kept the deposits for his own use. Clients lost most or all of their bitcoin deposits because of the scheme.

The court's March 2, 2021 order requires Reynolds to pay almost $143 million in compensation to defrauded clients and a civil monetary penalty of $429 million.

Email Scam in the Name of the IRS Tries to Obtain the EFIN of Tax Preparers

 

A lot of people are familiar with the US Internal Revenue Service (IRS) scam letters that go phishing for money during tax season. Now, in an electronic version of the fake IRS letter, a different kind of IRS scam is aimed at tax practitioners.

The IRS has warned tax practitioners to watch for a scam that tries to obtain the victim's E-Filing Identification Number (EFIN). Here, intruders use a fake email to target the identity and customer information of tax preparers. With that data, attackers can impersonate the tax preparer and submit fake tax returns to receive refunds.

According to the IRS, the hoax starts with a scam email. The message claims to come from "IRS tax e-filing" and carries the subject line "Verifying your EFIN before e-filing." The email tells the tax preparer that certain documents must be sent in to be checked and approved by the e-file staff. It then requests a copy of the preparer's EFIN and driver's license number. To make the situation seem more urgent, the email warns that, unless the recipient complies, the IRS will disable e-filing access for the tax preparer.

This season, many other major tax scams have also been identified by the IRS and other sources. For example, in early February the IRS cautioned taxpayers against "ghost" tax return preparers who refuse to sign the returns they prepare. Every return prepared needs the Preparer Tax Number, and it should be signed by the tax preparer as well. The IRS says that the lack of a signature may suggest fraudulent activity by the tax preparer. Such preparers may, for example, promise big refunds and charge huge fees based on the size of those refunds.

By investing in their email security defenses, organizations can protect themselves and their users against such an IRS scam. One way they could do this is to develop a security education program and teach employees about the most common kinds of publicly known tax-based phishing emails and other scams. Organizations should continuously test their employees to keep them informed of this IRS scam and similar attacks. Threat intelligence should be used to keep up with the latest tax scams.

Furthermore, the IRS advised tax preparers not to take any of the steps described in the email. It's best to delete the email and not respond in any way.

Russian media reported on fake domains for pre-ordering coronavirus vaccine

After the Russian Ministry of Health registered the first coronavirus vaccine, the number of new domains associated with the vaccine increased on the Internet.

Creating a phishing site takes three to four hours thanks to site builders and illegal CDNs, and earnings from such a site can range from thousands of dollars to much more, depending on the audience and period, said Andrey Zaikin, head of the Information Security department at the IT company CROC.

In the ten days since the vaccine was registered, 113 related domains appeared in the .com and .ru zones, said Eugene Voloshin, Director of the cybersecurity company Bi.Zone. Infosecurity a Softline Company adds that in July-August 2020, 445 domains were registered, which is about nine per day.

Such sites started appearing in March. They offered to buy a non-existent vaccine and medication for coronavirus.

One resource in English offered to pre-order a vaccine in the amount of 10,000 to 1 million doses and pay a quarter of the cost of the batch, reported the Telegram channel @In4security.

According to Check Point, the number of actual attacks related to the coronavirus has decreased: in July, there were about 61 million on average per week, and in June - about 130 million per week. In contrast, Trend Micro believes that the number of Internet threats exploiting the topic of coronavirus is growing, as the number of complaints from citizens has increased three to four times. In the first half of 2020, the company identified 9 million such threats.

The volume of phishing increased as people became much more active on the Internet during the pandemic, and this continues to this day, an expert at Kaspersky Lab believes.

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to produce high-quality fakes of food and electronics delivery sites. Over the past four months, 56 clones of Delivery Club have appeared, and at least 30 of Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the peak of the appearance of such Internet resources was recorded in April.

In addition to food sites, experts found fake versions of Samsung online stores and of the Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, and users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a bank card.

Alexei Drozd, head of the information security department at SearchInform, noted that in April the use of the delivery theme in domain names increased: there were 53 domain registrations with the word "delivery" in February and 288 in April. According to him, this means that a high-quality Grabber, a program that can reliably copy the look and content of a site, has appeared on the Darknet.

Fraudsters have actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they have already succeeded, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites live until the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from an SMS, so it cannot be ruled out that at this moment "someone links their number to your mobile Bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

Russians began to click on scam sites 10 times more often


According to the study of Kaspersky Lab, at the beginning of 2020, the number of attacks on Russians through scam resources increased 10 times to 15 million, and the number of such pages doubled to 10 thousand. The rapid increase is associated with the spread of the coronavirus. Fraudsters actively exploit the theme of the pandemic: from fake promises to pay benefits or refunds for a small cash contribution to the sale of personal protective equipment.

If every click to a scam page entailed deception of at least one user, then the potential amount of damage in the first quarter of 2020 could exceed 3 billion rubles ($40.5 million). Experts did not say how much money Russians lost on scam resources during this period.

Tatyana Sidorina, senior content analyst at Kaspersky Lab, believes that the popularity of scam resources has increased because Russians have begun to spend more time at home, on the Internet. In addition, users are offered various large monetary compensations, for the withdrawal of which they need to pay a small commission.

She stressed that scam resources disguised as state lotteries began to be actively used at the beginning of 2020; 219 such resources were discovered. Kaspersky Lab noted that last year, separate statistics on lotteries were not even kept.

In order to minimize the damage from fraud, the Stoloto state lottery is already actively cooperating with law enforcement agencies and conducting an information campaign, said Varvara Basanovich, the organization's operating Director. She stressed that it is impossible to win the lottery without buying a ticket, and the tax is paid after receiving the money, and not in advance.

The head of Analytics and Special Projects at InfoWatch, Andrey Arsentiev, expects that after the self-isolation regime ends, mass frauds involving tourist trips to Russian resorts may start, and sellers of drugs for restoring strength, immunity and mental health may become active.

Ukrainian cyber police exposed a fraudulent scheme of financial auctions


Earlier EhackingNews reported that cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

It turned out that in fact, the cyber police exposed a fraudulent scheme of financial auctions with a monthly turnover of $100 thousand.

According to cyber police, the attackers opened several call centers in Kiev to conduct trading on the world financial markets. They invited their victims to invest money, which, according to them, could bring high profits in the future. Otherwise, they promised to return the invested money.

The scammers created an imitation of trading while appropriating the money for themselves. When a client tried to withdraw money, the attackers carried out a number of operations that led to the complete loss of the client's money.

All invested money was credited to the offshore accounts of the attackers. In the end, the income amounted to more than 100 thousand US dollars monthly. The attackers worked on the territory of Ukraine and the European Union. Cyber police are identifying all victims.

Law enforcement officers raided the offices of the fraudsters and seized system units, servers, and mobile phones. During an inspection of this equipment, it was found that the attackers also sold illegal drugs. Their sale was carried out in Ukraine and abroad via the Internet. The attackers face up to 12 years in prison and confiscation of property.

It is worth noting that fraud with bank cards is gaining popularity in Ukraine. A fraudster who stole more than $42 thousand from his victims was detained last month. The man duplicated citizens' bank cards. Imitating an ATM operation error, he used special manipulations to duplicate the card of the next user of the ATM.

Military Personnel and Veterans Hit Hardest by Scammers, Losing 405 Million Dollars Since 2012

It's easy to trick anyone in a financial scam, but hackers and scammers have found their favorite victims in military personnel and veterans. According to a new report analyzed by the Federal Trade Commission (FTC) and the Better Business Bureau, nearly one million military personnel and veterans in the US have been conned out of 405 million dollars in different scams since 2012.



The Losses
The loss by Army personnel accounts for up to 142 million dollars, which is recorded as up to 64% of the total loss in scams since 2012. This was followed by the Navy, which lost 62 million dollars. Meanwhile, losses by the Air Force and the Marines stand at $44,257,654 and $24,976,528 respectively. Veterans also suffered great losses, 60% of the total loss.

The worst-hit states

The state of Virginia was the most impacted, with the highest number of reports recorded, at 70,047. Most of these victims were duped by a retailer who tricked army personnel and veterans into paying $5 for legal protection.

Some of the prominent scams

Bank and lender scams caused the highest losses, at 111,709,530 dollars. Next, and among the most common scams that conned veterans, was the fraudulent employment variety. There have been over 270,000 reports of such scams since 2012. In these cases, scammers send emails to new veterans offering them jobs as civilians.

They claimed to have the job offer on popular boards like LinkedIn. After hiring, they asked the newly appointed individual to buy equipment from a website (operated by the fraudsters). The veterans were assured that they would be reimbursed for the equipment, but to no avail.

Other scams reported during the last seven years included identity theft, imposter scams, and advance payment for credit services.

Cyber Criminals Use New Method To Steal Funds From Bank Customers' Account


According to a report of the Central Bank, bank fraudsters this year have a new way of stealing from bank cards: they pose as bank employees, using technology to substitute phone numbers. Special IP-telephony services allow them to substitute numbers, or scammers disguise the number using the letters OOO instead of 000 and so on.

It is noted that two tools help the scammers commit thefts. The first is access to personal data. In the last six months alone, Central Bank specialists found 13 thousand ads for buying or selling names and phone numbers. Attackers who have obtained personal data can easily simulate a conversation as an employee of a credit institution, insurance company or government agency.

The second tool is special programs that allow scammers to disguise their number as the official number of the bank. The Central Bank recognised the falsification of bank numbers as a new mass method of stealing money from the population.

According to the Bank of Russia, this summer the number of fraudulent calls to customers increased dramatically, and in June-August the regulator sent telecom operators data on more than 2.5 thousand numbers from which calls to bank customers were received. However, only 200 numbers were blocked.

Experts believe that blocking numbers is not the best way to combat fraud. It would be more correct to stop the leakage of personal data from banks and other organizations.

"Thefts are mostly associated with the substitution of phone numbers, and Telecom operators refer to the lack of norms in the law. We will initiate changes to the law on communications," said Artem Sychev, the First Deputy Head of the Department of information security of the Central Bank.

Don’t change your birth year to 2007 on Twitter or you’ll be locked out

There are tons of hoaxes constantly doing the rounds on Twitter, including the recent Bitcoin scam. Today, I want to warn you about one that’s taken over the platform over the past couple of days: the “birth year hoax”.

It’s as simple as it is stupid: it encourages you to head into your settings and change your birth year to 2007, in order to unlock a colourful feed or a ‘retro’ theme across the site. Instead, users who fall for the scam will be locked out of their accounts because Twitter prohibits anyone under the age of 13 from using the site.

So, as soon as you change your birth year, Twitter thinks that you’re only 12 years old, and blocks your account.

Twitter has automatically prevented users under 13 from using the social network since May last year and its terms of use state that the social network is "not directed to children."

You were promised a new timeline of colour options. You ended up getting blocked from the social networking site.

Earlier this week, rumours were circulating that changing your birth year would give you access to Twitter's nostalgic old appearance.

Twitter has warned users to ignore a hoax suggesting an alternative colour scheme will appear in the app if they change their birth year to 2007. Users won't get a new colour scheme on the Twitter app if they change their birth year, the social network says.

If you, like many people, were lured into changing your birth year on Twitter to 2007 to unlock new colour schemes, you fell victim to one of social media's latest hoaxes.

"Please don't do this," the company said via a tweet.

If you’ve unfortunately fallen prey to this scam and are locked out of your account, follow the instructions in the email the company has sent you to regain access.

Thousands Of Users Thrashed By Extremely Real-looking-Fake-Scans Scam



Thousands of users have encountered a severe threat from scammers who are making cunning use of JavaScript and HTML code by way of “Potentially Unwanted Applications”.

A major security research organization uncovered a recent development in the scamming area where PUAs and POAs are being employed.

These scams can be categorized as tech-support scams, which primarily work by scaring the victim into doing something the victim would not otherwise have done.

After fake calls, potentially unwanted applications have become quite common, but the latest twist is the shrewd usage of JavaScript and HTML code.

This code specifically works to make the fake scans seem implausibly real, making it faster and easier for the scammers to fool their prey.

The well-known Norton Security applications are basically being stolen from the aforementioned organization.

These scams are in no way comparable to the basic and obvious anti-virus scams that are run on a common basis.

The scammers make the scan look so legit that it never occurs to the victim to question it at all.

An alert does pop up. Users take it to be one from an anti-malware app, when it’s actually coming from a web browser.

The way the scammers go about it is that they offer an infection to be paired up by way of a 10-second scan. This obviously lures the users in swiftly.

A web-based dashboard is used by the scammers to manage and monitor all the scams that are under way.

Thousands of dollars have been wrested from the victims, and that by using overtly basic, fake-looking contrivances.

The last three months of 2018 were really busy for Symantec, the aforementioned organization, which blocked PUA installations around 89 million times.

There are several points to keep in mind; for instance, no pop-up is capable of analyzing the hard drive and the real files on it.

No anti-malware application would ask the user to download a separate application for the update process.

The best way to get saved from this kind of threat is looking out for an alert that mentions the remaining days left in the so called “subscription”.

Scam Alert: Emails Citing You’ve Won A BMW M24oi







There is a fresh scam in the market. Beware of emails claiming that you’ve won a BMW lottery and acquired a BMW 2 series M24oi this holiday season. As usual, these scams are after your personal data and credentials.

What seems to be a whole new scamming campaign is trying to lure users into believing that they have won a lottery, with a BMW 2 series M24oi as the prize.

According to a reputed source, the e-mails could have phrases and sentences like “Hurry claim the prize” or “Claim your car and check with your winning code.” The contents of the e-mail are as follows:

“Your e-mail has been selected for a prize of a brand new 2018 BMW 2 Series M24oi xDrive and a cheque of $1,500,000.00 USD from the international balloting programs held in USA but the WINNING IS FOR EVERYBODY CONTACTED AS A WINNER IN ANY PART OF THE WORLD. Contact the claims agents with the code BMW:2541256004/25 and your Delivery Details (full name, address of delivery and mobile number) to claim your prize.
 Congratulations!!!!
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.”


The moment the recipient falls into the trap by sending the attacker their information, the cyber-con behind the scam is quite likely to ask for more information, including social security numbers and other sorts of confidential information.

Later, the harvested information would be used to carry out identity theft in order to gain access to the recipient’s financial as well as personal accounts.

The only way to save yourself from falling into the trap of such scams is to delete the e-mails as soon as they are received. Otherwise you might end up paying heavily.


21-Year-Old Arrested For SIM Swapping Hack; Allegedly Steals $1 Million


U.S. broadsheet the New York Post reported on Nov. 20 that authorities in the U.S. state of California have arrested a 21-year-old New Yorker for the alleged theft of $1 million in crypto using "SIM-swapping."

SIM-swapping, otherwise called a "port-out scam," involves the theft of a mobile phone number in order to hijack online financial and social media accounts, enabled by the fact that numerous organizations use automated messages or telephone calls to handle customer authentication.

The arrested suspect, Nicholas Truglia, is accused of having targeted wealthy Silicon Valley executives in the Bay Area, and of successfully convincing telecoms support staff to port six victims' numbers to his alleged "crew" of accomplice attackers. Deputy DA Erin West, of Santa Clara Superior Court, told the Post that the ploy was "a new way of doing an old crime."

“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” West said.

With his arrest on November 14, authorities were able to recover $300,000 in stolen funds, while the remaining assets remain untraced.

Truglia is currently being held pending extradition to Santa Clara, where he faces 21 felony counts related to a total of six victims, authorities said. One of Truglia's alleged SIM-swapping victims, San Francisco-based Robert Ross, was purportedly robbed of $500,000 worth of crypto holdings in his Coinbase wallet "in a flash" on Oct. 26, and at the same time a further $500,000 was taken from his Gemini account. West said the $1,000,000 was Ross' "life savings" and his two girls' college fund.

This rising prevalence of SIM swap-related incidents has prompted a California-based law enforcement group to make it their "most noteworthy need." In more than one prominent case, victims have moved to sue telecoms firms, for example AT&T and T-Mobile, for facilitating the crime.

Truglia is being held at the Manhattan Detention Complex pending extradition to Santa Clara in California. Formal charges relate to a seven-day "hacking spree" starting Oct. 8, specifically involving "grand theft, altering or damaging computer data with the intent to defraud and using personal information without authorization."